locked
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. RRS feed

  • Question

  • (I'm cross posting this from https://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/a-certificate-chain-processed-but-terminated-in-a/e6895c7e-c6b9-4a96-a5f5-a4dcd40b7b45 as directed by the forum moderator there.)

    Hello,

    First, I have reviewed the other posts with similar questions and noted that I can install the certificate into root certificates and most likely this problem will go away, some specifics:

    1) When a client reported this error using a pop.secureserver.net on an outlook 2003 client, I just figured it was godaddy or the REALLY old Outlook client, but nonetheless, I went in to troubleshoot it and was convinced it was godaddy, but when I tried to start my Outlook 2016 client on my Windows 10 computer on their network, I got the same error.  Two notes are important: 1) I use godaddy as well and 2) I used the same computer at a different client just yesterday without a single error message.

    2) They use POP 995 w/ SSL & SMTP 465 w/ SSL to pop.secureserver.net & smtpout.secureserver.net repsectively

    3) I called the company that manages their firewall and was told that everything was fine, but was sent a certificate from the firewall that might fix the problem.

    4) The firewall company tells me they use a fortinet firewall

    I have some questions that I'm hoping one of the experts here can answer for me:

    - What in a firewall setup can cause a certificate to fail as listed in the subject?

    - Is there a port or configuration change they can make that would allow certificates to work properly?

    - How can I fix this without installing a certificate on every machine in the business?

    I hope this is in the right section.  I saw where several posts having to do with certificate errors were redirected to the IE forum, so I posted it here.  If there is a better forum for this question, please let me know.  Thanks in advance for any help with this.

    Jeff

    Wednesday, January 25, 2017 9:17 PM

All replies

  • Hi JeffSmith67,

    "What in a firewall setup can cause a certificate to fail as listed in the subject?"

    Disabling the firewall temporarily is the easiest way to troubleshoot whether the issue is caused by the firewall

    As far as I know, the certificates are usually related to those protocols using encryption. So I think the issue should be more related to those protocols using certificates rather than the certificates themselves.
    For the protocols using encryption, we could check the following link.
    Firewall Rules for Active Directory Certificate Services
    https://blogs.technet.microsoft.com/pki/2010/06/25/firewall-rules-for-active-directory-certificate-services/

    "How can I fix this without installing a certificate on every machine in the business?"
    A certificate should be trusted when we use it. According to error message, it seems that the machine is lack of the root certificate. So I think the root cause is that the root certificate is not installed on those machines.
    We could refer to the following link to deploy the certificate manually.
    Manage Trusted Root Certificates
    https://technet.microsoft.com/en-us/library/cc754841.aspx

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.




    Thursday, January 26, 2017 2:26 AM
  • Just unplug network cable
    Wednesday, January 23, 2019 5:29 AM